Thanks Robyn,
My config Internet - Untangle -- Switch and plug on the switch Vyatta Router, the network 192.168.2.0, and the DHCP Server Schema: X --------- Vyatta -- Network 192.168.10.0 Internet --- Untangle Gateway --- Switch X---------- Network 192.168.2.0 + DHCP Server My config on vyatta protocols { snmp { community public { client 192.168.2.5 client 192.168.2.99 } trap-target 192.168.1.1 trap-target 192.168.10.1 contact: "Network Administrator" location: "XXXXX" } static { } } policy { } interfaces { loopback lo { address 10.0.0.65 { prefix-length: 32 } } ethernet eth0 { description: "My Sub Net 10" hw-id: 00:03:47:06:39:9e address 192.168.10.1 { prefix-length: 24 } } ethernet eth1 { disable: true description: "Not Working" hw-id: 00:06:5b:a5:29:10 } ethernet eth2 { description: "Interface Out" hw-id: 00:0e:2e:98:18:80 address 192.168.2.10 { prefix-length: 24 } } } service { dhcp-relay { interface eth0 interface eth2 server 192.168.2.2 relay-options { } } nat { rule 1 { type: "masquerade" outbound-interface: "eth2" } rule 2 { type: "masquerade" inbound-interface: "eth2" outbound-interface: "eth0" protocols: "all" source { network: "192.168.2.0/24" } destination { network: "192.168.10.0/24" } } } ssh { } webgui { } } firewall { } } system { host-name: "XXXXX" domain-name: "XXXX.ac.id" domain-search { domain "XXXXX.ac.id" } name-server 192.168.2.2 time-zone: "GMT+7" ntp-server "69.59.150.135" gateway-address: 192.168.2.1 login { user root { authentication { encrypted-password: "" } } user vyatta { authentication { encrypted-password: "" } } user networkadmin { full-name: "Network Administrator" authentication { encrypted-password: "" plaintext-password: "" } } } package { repository community { component: "main" url: "http://archive.vyatta.com/vyatta" } } options { } } The capture from a PC in the network 192.168.2.0 tshark -i eth2 port 67 and port 68 -Vn Frame 5 (342 bytes on wire, 342 bytes captured) Arrival Time: Dec 6, 2007 09:00:22.590416000 [Time delta from previous packet: 0.018551000 seconds] [Time since reference or first frame: 0.019484000 seconds] Frame Number: 5 Packet Length: 342 bytes Capture Length: 342 bytes [Frame is marked: False] [Protocols in frame: eth:ip:udp:bootp] Ethernet II, Src: MacRouterEth2 (MacRouterEth2), Dst: XXXX (XXX) Destination: XXXX (XXXXX) Address: XXXX (XXXXX) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Source: MAC (MacRouterEth2) Address: MacRouterEth2 (0MacRouterEth2) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) Type: IP (0x0800) Internet Protocol, Src: 192.168.2.10 (192.168.2.10), Dst: 192.168.2.196 ( 192.168 .2.196) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00) 0001 00.. = Differentiated Services Codepoint: Unknown (0x04) .... ..0. = ECN-Capable Transport (ECT): 0 .... ...0 = ECN-CE: 0 Total Length: 328 Identification: 0x0000 (0) Flags: 0x00 0... = Reserved bit: Not set .0.. = Don't fragment: Not set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 16 Protocol: UDP (0x11) Header checksum: 0x2377 [correct] [Good: True] [Bad : False] Source: 192.168.2.10 (192.168.2.10) Destination: 192.168.2.196 (192.168.2.196) User Datagram Protocol, Src Port: 67 (67), Dst Port: 68 (68) Source port: 67 (67) Destination port: 68 (68) Length: 308 Checksum: 0x9f16 [correct] Bootstrap Protocol Message type: Boot Reply (2) Hardware type: Ethernet Hardware address length: 6 Hops: 0 Transaction ID: 0x3c080bf9 Seconds elapsed: 0 Bootp flags: 0x0000 (Unicast) 0... .... .... .... = Broadcast flag: Unicast .000 0000 0000 0000 = Reserved flags: 0x0000 Client IP address: 0.0.0.0 (0.0.0.0) Your (client) IP address: 192.168.2.196 (192.168.2.196) Next server IP address: 192.168.2.2 (192.168.2.2) Relay agent IP address: 192.168.2.10 (192.168.2.10) Client MAC address: XXXXX (XXXX) Server host name not given Boot file name not given Magic cookie: (OK) Option: (t=53,l=1) DHCP Message Type = DHCP Offer Option: (53) DHCP Message Type Length: 1 Value: 02 Option: (t=1,l=4) Subnet Mask = 255.255.255.0 Option: (1) Subnet Mask Length: 4 Value: FFFFFF00 Option: (t=58,l=4) Renewal Time Value = 4 days Option: (58) Renewal Time Value Length: 4 Value: 00054600 Option: (t=59,l=4) Rebinding Time Value = 7 days Option: (59) Rebinding Time Value Length: 4 Value: 00093A80 Option: (t=51,l=4) IP Address Lease Time = 8 days Option: (51) IP Address Lease Time Length: 4 Value: 000A8C00 Option: (t=54,l=4) Server Identifier = 192.168.2.2 Option: (54) Server Identifier Length: 4 Value: C0A80202 Option: (t=3,l=4) Router = 192.168.2.1 Option: (3) Router Length: 4 Value: C0A80201 Option: (t=6,l=4) Domain Name Server = 192.168.2.2 Option: (6) Domain Name Server Length: 4 Value: C0A80202 Option: (t=44,l=4) NetBIOS over TCP/IP Name Server = 192.168.2.2 Option: (44) NetBIOS over TCP/IP Name Server Length: 4 Value: C0A80202 Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = H-node Option: (46) NetBIOS over TCP/IP Node Type Length: 1 Value: 08 End Option Padding But I have no Frame message if I request a new ip from the network eth0 Thanks for your help Damien On Dec 6, 2007 10:41 PM, Robyn Orosz <[EMAIL PROTECTED]> wrote: > Hi Damien, > > This should work as long as requests are coming in from hosts that are > connected to eth0. Is there more than one network assigned to eth0? It > would help if you could post your configuration (you can block out any > public IPs). > > If you run a verbose packet capture, you should be able to see what the > relay agent IP is in the request packet. If it's something other than > 192.168.10.x or 192.168.2.x (your 2 scopes), the Windows server is not > going to serve an address to it. > > Try running: > > tshark -i eth2 port 67 and port 68 -Vn > > Thanks, > > Robyn > > Dams wrote: > > Thanks for your reply. > > > > Sorry, my mistake : not eth1 but eth0. (192.168.10.X) > > > > Eth2 -> network with the DHCP Server on network 192.168.2.XXx > > > > The DHCP serve the scope (192.168.2.0 <http://192.168.2.0>) as well : > > here no problem the pc got their IP (see the log, after) > > > > and I would like that the DHCP server serve the scope 192.168.10.XX as > > well on the interfaces eth0 > > > > So on my windows server, I have a superScope with 2 scope ( > > 192.168.2.0 <http://192.168.2.0> and 192.168.10.0 <http://192.168.10.0>) > > > > > > styohanes:~# tcpdump -n port 67 -i eth2 > > tcpdump: verbose output suppressed, use -v or -vv for full protocol > > decode > > listening on eth2, link-type EN10MB (Ethernet), capture size 96 bytes > > > > 07:45:14.790263 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, > > Request from XXX, length 300 > > 07:45:31.788526 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, > > Request from XXX, length 300 > > 07:46:32.337900 IP 192.168.2.154.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from XXX333, length 300 > > 07:47:15.884938 IP 0.0.0.0.68 > 255.255.255.255.67 : BOOTP/DHCP, > > Request from XXX222, length 300 > > 07:47:15.885338 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, > > Reply, length 300 > > 07:47:28.896045 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from XXX222, length 300 > > 07:47:28.896468 IP 192.168.2.2.67 > 255.255.255.255.68: BOOTP/DHCP, > > Reply, length 300 > > 07:50:50.781445 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, > > Request from XXX, length 300 > > 07:50:53.777544 IP 192.168.2.10.67 > 192.168.2.2.67: BOOTP/DHCP, > > Request from XXX, length 300 > > > > So, the request is going to the DHCP server, but no reply from him..... > > But it work fine for the mac XXX222 which is in the network > > 192.168.2.0 <http://192.168.2.0> > > > > I think the problem is from my DCHP Server, > > How can you define a scope to reply to a router > > - link the Scope 192.168.10.0 <http://192.168.10.0> to the router > > 192.168.10.1 <http://192.168.10.1> ? > > > > > > Thanks for your help. > > > > only 6 hours on a DHCP problem, :-/ > > > > > > > > merci > > Damien > > > > > > On Dec 6, 2007 9:40 PM, Robyn Orosz < [EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > Hi Damien, > > > > What interface is the network connected to that you wish to serve > > DHCP > > addresses? You mention eth1 in your post, but I only see eth0 and > > eth2 > > configured for dhcp-relay. If you want to serve hosts behind > > eth1, you > > need to add eth1 to the dhcp-relay configuration. > > > > To make this more clear, if your win 2k3 server is configured with a > > DHCP scope for network 192.168.10.x, it will only serve requests > made > > from the interface configured with 192.168.10.x. The dhcp-relay > adds > > the IP address of the interface that requests are seen on into the > > BOOTP > > request packets so the DHCP server knows which scope to serve > > addresses > > to. > > > > Thank you, > > > > Robyn > > > > Troopy . wrote: > > > Hello, > > > > > > Did you check the routing? i mean the DHCP server must be able to > > > reach the client at the IP layer. > > > > > > I remember i forgot this when i wrote the DHCP openmaniak > tutorial. > > > (See the case study, i forgot "set protocols static route > > 0.0.0.0/0 <http://0.0.0.0/0> next-hop 10.0.2.2 <http://10.0.2.2>") > > > > > > > > > Bonne chance > > > Troopy > > > > > > ---------- Original Message ---------------------------------- > > > From: Dams < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > > > Date: Thu, 6 Dec 2007 18:01:08 +0700 > > > > > > > > >> Hello, > > >> > > >> > > >> I have a problem with the DHCP-relay > > >> > > >> Config: > > >> dhcp-relay { > > >> interface eth0 > > >> interface eth2 > > >> server 192.168.2.2 <http://192.168.2.2> > > >> relay-options { > > >> } > > >> > > >> > > >> Eth0 conect to my DHCP server (win 2k3 Server) : 192.168.2.2 > > <http://192.168.2.2> > > >> and Eth1 to a subnet : 192.168.10.X > > >> > > >> But the dhcp relay doesn't work > > >> XXXXX:~# tcpdump -n port 67 > > >> tcpdump: verbose output suppressed, use -v or -vv for full > > protocol decode > > >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 > > bytes > > >> 17:50:29.636059 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 300 > > >> 17:50:33.376048 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 300 > > >> 17:50:38.370026 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 300 > > >> 17:50:47.370767 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 300 > > >> 17:51:03.369141 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 300 > > >> > > >> > > >> But If I add the MAC on static in my DHCP Server, it work fine. > > >> > > >> XXX:~# tcpdump -n port 67 > > >> tcpdump: verbose output suppressed, use -v or -vv for full > > protocol decode > > >> listening on eth0, link-type EN10MB (Ethernet), capture size 96 > > bytes > > >> 17:11:28.052775 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 300 > > >> 17:11:28.053871 IP 192.168.10.1.67 > 255.255.255.255.68: > > BOOTP/DHCP, Reply, > > >> length 318 > > >> 17:11:28.055461 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, > > Request from > > >> XXXXX, length 302 > > >> 17:11:28.056391 IP 192.168.10.1.67 > 255.255.255.255.68: > > BOOTP/DHCP, Reply, > > >> length 318 > > >> > > >> > > >> What did I miss ? > > >> > > >> > > >> I follow the HowTo > > >> http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process > > <http://www.openmaniak.com/vyatta_case_dhcp.php#dhcp-process> which > is > > >> brilliant, thanks. > > >> The only differents is that my DHCP is not on the router, but > > on another PC. > > >> > > >> Do I need to add a route to define the DHCP Server? > > >> Do i need to add a data on the server to ask him to take the > > request form > > >> the Vyatta Router ? > > >> > > >> > > >> Thanks for your help > > >> -- > > >> Cordialement / Sincerely > > >> Damien > > >> MEP Volunteer Indonesia / Volontaire MEP Indonesia > > >> http://www.mepasie.org > > >> > > >> > > >> > > >> > > > > > > > > > > > > ______________________________________________________ > > > Désirez vous une adresse éléctronique @suisse.com > > <http://suisse.com>? > > > Visitez la Suisse virtuelle sur http://www.suisse.com > > > > > > _______________________________________________ > > > Vyatta-users mailing list > > > Vyatta-users@mailman.vyatta.com > > <mailto:Vyatta-users@mailman.vyatta.com> > > > http://mailman.vyatta.com/mailman/listinfo/vyatta-users > > > > > > > > > > > > > -- > > Cordialement / Sincerely > > Damien HERITIER > > MEP Volunteer Indonesia / Volontaire MEP Indonesia > > http://www.mepasie.org > -- Cordialement / Sincerely Damien HERITIER MEP Volunteer Indonesia / Volontaire MEP Indonesia http://www.mepasie.org
_______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users